GREYCORTEX is happy to report that MENDEL, our network traffic analysis solution, affirmatively detects infection by the WannaCry ransomware, its possible variants/clones, and protects users more effectively than rule-based detection tools alone.
Because GREYCORTEX MENDEL uses advanced artificial intelligence, machine learning, and data analysis to identify network anomalies, it easily identifies threats like WannaCry, allowing network security teams to take rapid action and stop threats before they do damage.
In the case of WannaCry, GREYCORTEX tested the ransomware in our malware lab. It was found to engage in aggressive and anomalous practices, like port-scanning behavior on an SMB port (445), attempting to connect to over 4000 devices in 175 countries across the Internet in five minutes, and downloading TOR network software. All of these behaviors were identified by MENDEL’s advanced network behavior analysis.
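One way a defender can look for the SMB fan-out described above in ordinary flow records, as an added example that is not MENDEL's code or GREYCORTEX's method: count, per source host, the distinct destinations contacted on port 445 inside a sliding time window and alert when that count is anomalously high. The flows, addresses, window and threshold below are constructed assumptions.

```python
from collections import Counter, defaultdict, namedtuple
from datetime import datetime, timedelta

Flow = namedtuple("Flow", "ts src dst dport")

# Constructed sample flows (not real captures). T0 is an arbitrary timestamp.
T0 = datetime(2017, 5, 12, 10, 0, 0)
SAMPLE_FLOWS = []
# Scanning host: 120 distinct destinations on 445 within two minutes.
for i in range(1, 121):
    SAMPLE_FLOWS.append(Flow(T0 + timedelta(seconds=i), "10.0.0.5", f"198.51.100.{i}", 445))
# Normal host: repeated SMB to one file server plus some HTTPS.
for i in range(5):
    SAMPLE_FLOWS.append(Flow(T0 + timedelta(seconds=10 * i), "10.0.0.7", "10.0.0.20", 445))
    SAMPLE_FLOWS.append(Flow(T0 + timedelta(seconds=10 * i), "10.0.0.7", f"203.0.113.{i + 1}", 443))
# Slow host: 60 distinct SMB destinations, but only one every six minutes.
for i in range(1, 61):
    SAMPLE_FLOWS.append(Flow(T0 + timedelta(minutes=6 * i), "10.0.0.9", f"198.51.100.{i}", 445))


def distinct_dst_fanout(flows, dport=445, window=timedelta(minutes=5)):
    """For each source, the largest number of distinct destinations it
    contacted on `dport` inside any sliding window of length `window`."""
    per_src = defaultdict(list)
    for f in flows:
        if f.dport == dport:
            per_src[f.src].append((f.ts, f.dst))
    result = {}
    for src, events in per_src.items():
        events.sort()
        counts, left, best = Counter(), 0, 0
        for ts, dst in events:
            counts[dst] += 1
            # Drop events that fell out of the window ending at `ts`.
            while ts - events[left][0] > window:
                old = events[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            best = max(best, len(counts))
        result[src] = best
    return result


def smb_scan_alerts(flows, threshold=50, **kwargs):
    """Sources whose SMB fan-out reaches `threshold` distinct hosts in one window."""
    fanout = distinct_dst_fanout(flows, **kwargs)
    return sorted(src for src, n in fanout.items() if n >= threshold)
```

The slow host shows why the window matters: it reaches the same 60 destinations as a scanner would, but never more than one inside any five-minute span, so it stays below the threshold.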
MENDEL users are better protected from malware like WannaCry and its variants/clones than users of firewalls, IDS, or other rule-based security solutions alone. Rule-based security solutions require a known malware signature in order to create a rule. This means an attack must happen before the signature of the attack can be added as a rule. MENDEL doesn’t need a signature to identify the attack. Its network behavior analysis features detect the attack’s symptoms before it harms the network. This means security teams have the peace of mind of knowing that, should an attack happen, they will see it and be able to stop it before it does damage.
If you are concerned about malware attacks, either from WannaCry or from other ransomware or malware, you may benefit from a 30 day Proof of Concept (PoC) from GREYCORTEX. During the PoC, MENDEL automatically learns your network to identify threats which may exist, including ransomware which is lying dormant in your network, or unpatched applications, which may leave you vulnerable. Do not hesitate to contact your network security professional, or GREYCORTEX directly to arrange a PoC.
KIWI.COM CASE STUDY
Kiwi.com (formerly Skypicker) is a fast-growing online travel agency. Founded in 2012, it has grown to over 1100 employees, and continues to grow rapidly. It serves millions of consumers every year by combining flights from carriers who do not offer route coordination. Kiwi.com administers a diversified network serving approximately 1,900 devices. The aim of the GREYCORTEX MENDEL implementation was to enable Kiwi.com to focus fully on their core business while keeping their dynamically growing IT infrastructure secure and reliable.
“Since its deployment in November, 2016, GREYCORTEX helped us immensely. We were able to find security policy breaches and performance problems, and link these to problems experienced by users that previous tools had not seen. We could see attacks as they were developing and take action. We have really strengthened our security posture and are very happy with the results.” (Josef Staša, IT Operations Manager)
CHALLENGES
While the business and team are growing quickly, Kiwi.com’s IT infrastructure and network are growing even faster.
Kiwi.com’s main reason for deploying MENDEL was to ensure that the goodwill and reputation which Kiwi.com had built through a reliable and secure IT infrastructure was preserved. It was critical to the day-to-day operations of the whole company that this be done effectively. Kiwi.com needed the ability to oversee their network’s technical infrastructure and network administration from an operational, performance, and security monitoring perspective.
Other challenges included:
- Protection of customer data
- Detection of modern threats and protection against attacks targeted at network users
- Provision of a security-focused overview of network infrastructure behavior, including an automated analysis of normal behavior for individual network segments, devices, and individual users
- Monitoring Kiwi.com’s current security infrastructure configuration and effectiveness
- Improved security policy enforcement
- Easy scalability
ADVANTAGES
GREYCORTEX MENDEL includes several important features that benefited Kiwi.com’s IT team. The most important is a behavioral detection engine based on advanced machine learning and artificial intelligence. Its outputs are integrated with an hourly updated list of blacklisted IPs and signatures. Because these tools are integrated, MENDEL can detect threats based not only on known signatures, but also on atomic-level symptoms of attack; for example, where an advanced persistent threat lies dormant but communicates with its Command and Control. MENDEL also includes application performance monitoring capabilities, offering teams detailed data for business-critical transactions, combined with security events for easy root cause analysis; all in real time, without slowing the network. Finally, MENDEL helped to enforce Kiwi.com’s existing security policies and maintain its compliance with government regulations.
RESULTS
GREYCORTEX MENDEL was installed quickly, and it immediately and automatically began to learn the network. Kiwi.com’s original security posture, while strong, was greatly improved with GREYCORTEX MENDEL and is now prepared for more advanced threats.
Among other results, MENDEL helped Kiwi.com achieve the following:
- Better enforcement of security policies and quicker resolution of incidents
- Complete network visibility
- Discovery and analysis of network and application performance problems
- Forensic analysis